From: Daniel Vacek <neelx@suse.com>
To: Chris Mason <clm@meta.com>
Cc: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
Eric Biggers <ebiggers@kernel.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>, Jens Axboe <axboe@kernel.dk>,
David Sterba <dsterba@suse.com>,
linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
Omar Sandoval <osandov@osandov.com>,
Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: Re: [PATCH v6 11/43] btrfs: add inode encryption contexts
Date: Wed, 18 Feb 2026 14:18:28 +0100 [thread overview]
Message-ID: <CAPjX3FdXC5LX6UBmsCf6cdGquwsPrh3gp3OKj0NEerXkbFSd5w@mail.gmail.com> (raw)
In-Reply-To: <20260208153808.3476221-1-clm@meta.com>
On Sun, 8 Feb 2026 at 16:38, Chris Mason <clm@meta.com> wrote:
> Daniel Vacek <neelx@suse.com> wrote:
> > From: Omar Sandoval <osandov@osandov.com>
> >
> > fscrypt stores a context item with encrypted inodes that contains the
> > related encryption information. fscrypt provides an arbitrary blob for
> > the filesystem to store, and it does not clearly fit into an existing
> > structure, so this goes in a new item type.
>
> Hi everyone,
>
> I'm running the btrfs for-next branch, along with the encryption patch set
> through my AI review prompts:
>
> https://github.com/masoncl/review-prompts
>
> I'm working on some btrfs specific instructions, but hopefully these reviews
> are already useful. I've kept the headers to make it easier to double check
> that I'm actually replying to the right email, but please let me know if any
> parts of this are incorrect:
>
> commit 2d6114c2937b897d844735aa16d5369e3ec6d135
> Author: Omar Sandoval <osandov@osandov.com>
>
> btrfs: add inode encryption contexts
>
> fscrypt stores a context item with encrypted inodes that contains the
> related encryption information. fscrypt provides an arbitrary blob for
> the filesystem to store, and it does not clearly fit into an existing
> structure, so this goes in a new item type.
>
> > diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c
> > index 6cfba7d94e726..e9b024d671a22 100644
> > --- a/fs/btrfs/fscrypt.c
> > +++ b/fs/btrfs/fscrypt.c
>
> [ ... ]
>
> > @@ -1,10 +1,126 @@
> > // SPDX-License-Identifier: GPL-2.0
> >
> > +#include <linux/iversion.h>
> > #include "ctree.h"
> > +#include "accessors.h"
> > #include "btrfs_inode.h"
> > +#include "disk-io.h"
> > +#include "fs.h"
> > #include "fscrypt.h"
> > +#include "ioctl.h"
> > +#include "messages.h"
> > +#include "transaction.h"
> > +#include "xattr.h"
> > +
> > +static int btrfs_fscrypt_get_context(struct inode *inode, void *ctx, size_t len)
> > +{
> > + struct btrfs_key key = {
> > + .objectid = btrfs_ino(BTRFS_I(inode)),
> > + .type = BTRFS_FSCRYPT_INODE_CTX_KEY,
> > + .offset = 0,
> > + };
> > + struct btrfs_path *path;
> > + struct extent_buffer *leaf;
> > + unsigned long ptr;
> > + int ret;
> > +
> > +
> > + path = btrfs_alloc_path();
> > + if (!path)
> > + return -ENOMEM;
> > +
> > + ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0);
> > + if (ret) {
> > + len = -ENOENT;
> > + goto out;
> > + }
> > +
> > + leaf = path->nodes[0];
> > + ptr = btrfs_item_ptr_offset(leaf, path->slots[0]);
> > + /* fscrypt provides max context length, but it could be less */
> > + len = min_t(size_t, len, btrfs_item_size(leaf, path->slots[0]));
> > + read_extent_buffer(leaf, ctx, ptr, len);
> > +
> > +out:
> > + btrfs_free_path(path);
> > + return len;
> > +}
> > +
> > +static int btrfs_fscrypt_set_context(struct inode *inode, const void *ctx,
> > + size_t len, void *fs_data)
> > +{
> > + struct btrfs_trans_handle *trans = fs_data;
> > + struct btrfs_key key = {
> > + .objectid = btrfs_ino(BTRFS_I(inode)),
> > + .type = BTRFS_FSCRYPT_INODE_CTX_KEY,
> > + .offset = 0,
> > + };
> > + struct btrfs_path *path = NULL;
> > + struct extent_buffer *leaf;
> > + unsigned long ptr;
> > + int ret;
> > +
> > + if (!trans)
> > + trans = btrfs_start_transaction(BTRFS_I(inode)->root, 2);
> > + if (IS_ERR(trans))
> > + return PTR_ERR(trans);
> > +
> > + path = btrfs_alloc_path();
> > + if (!path) {
> > + ret = -ENOMEM;
> > + goto out_err;
> > + }
> > +
> > + ret = btrfs_search_slot(trans, BTRFS_I(inode)->root, &key, path, 0, 1);
> > + if (ret < 0)
> > + goto out_err;
> > +
> > + if (ret > 0) {
> > + btrfs_release_path(path);
> > + ret = btrfs_insert_empty_item(trans, BTRFS_I(inode)->root, path, &key, len);
> > + if (ret)
> > + goto out_err;
> > + }
> > +
> > + leaf = path->nodes[0];
> > + ptr = btrfs_item_ptr_offset(leaf, path->slots[0]);
> > +
> > + len = min_t(size_t, len, btrfs_item_size(leaf, path->slots[0]));
> > + write_extent_buffer(leaf, ctx, ptr, len);
> > + btrfs_mark_buffer_dirty(trans, leaf);
> > + btrfs_release_path(path);
> > +
> > + if (fs_data)
> > + return ret;
>
> Does this code leak the path when fs_data is non-NULL?
>
> In btrfs_fscrypt_set_context(), a path is allocated via btrfs_alloc_path()
> but when fs_data is provided (during inode creation with a transaction
> handle), the function returns here without calling btrfs_free_path(path).
>
> The btrfs_release_path() call above only releases internal references to
> extent buffers and locks but does not free the path structure itself.
>
> This leak occurs on every encrypted inode creation. The fix would be to add
> btrfs_free_path(path) before the return.
That's correct. Good catch!
--- a/fs/btrfs/fscrypt.c
+++ b/fs/btrfs/fscrypt.c
@@ -155,7 +155,7 @@ static int btrfs_fscrypt_set_context(struct inode
*inode, const void *ctx,
btrfs_release_path(path);
if (fs_data)
- return ret;
+ goto out_err;
BTRFS_I(inode)->flags |= BTRFS_INODE_ENCRYPT;
btrfs_sync_inode_flags_to_i_flags(BTRFS_I(inode));
Thanks.
--nX
> > +
> > + BTRFS_I(inode)->flags |= BTRFS_INODE_ENCRYPT;
> > + btrfs_sync_inode_flags_to_i_flags(BTRFS_I(inode));
> > + inode_inc_iversion(inode);
> > + inode_set_ctime_current(inode);
> > + ret = btrfs_update_inode(trans, BTRFS_I(inode));
> > + if (ret)
> > + goto out_abort;
> > + btrfs_free_path(path);
> > + btrfs_end_transaction(trans);
> > + return 0;
> > +out_abort:
> > + btrfs_abort_transaction(trans, ret);
> > +out_err:
> > + if (!fs_data)
> > + btrfs_end_transaction(trans);
> > + btrfs_free_path(path);
> > + return ret;
> > +}
>
> [ ... ]
>
next prev parent reply other threads:[~2026-02-18 13:18 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-06 18:22 [PATCH v6 00/43] btrfs: add fscrypt support Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 01/43] fscrypt: add per-extent encryption support Daniel Vacek
2026-02-21 22:11 ` Eric Biggers
2026-02-06 18:22 ` [PATCH v6 02/43] fscrypt: allow inline encryption for extent based encryption Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 03/43] fscrypt: add a __fscrypt_file_open helper Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 04/43] fscrypt: conditionally don't wipe mk secret until the last active user is done Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 05/43] blk-crypto: add a process_bio callback Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 06/43] fscrypt: add a process_bio hook to fscrypt_operations Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 07/43] fscrypt: expose fscrypt_nokey_name Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 08/43] fscrypt: add documentation about extent encryption Daniel Vacek
2026-02-06 18:43 ` Randy Dunlap
2026-02-17 14:48 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 09/43] btrfs: add infrastructure for safe em freeing Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 10/43] btrfs: start using fscrypt hooks Daniel Vacek
2026-02-08 15:44 ` Chris Mason
2026-02-17 15:26 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 11/43] btrfs: add inode encryption contexts Daniel Vacek
2026-02-08 15:36 ` Chris Mason
2026-02-18 13:18 ` Daniel Vacek [this message]
2026-02-06 18:22 ` [PATCH v6 12/43] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 13/43] btrfs: adapt readdir for encrypted and nokey names Daniel Vacek
2026-02-08 15:35 ` Chris Mason
2026-02-18 14:05 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 14/43] btrfs: handle " Daniel Vacek
2026-02-08 15:28 ` Chris Mason
2026-02-18 14:50 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 15/43] btrfs: implement fscrypt ioctls Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 16/43] btrfs: select encryption dependencies if FS_ENCRYPTION Daniel Vacek
2026-02-08 15:22 ` Chris Mason
2026-02-18 15:02 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 17/43] btrfs: add get_devices hook for fscrypt Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 18/43] btrfs: set file extent encryption excplicitly Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 19/43] btrfs: add fscrypt_info and encryption_type to extent_map Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 20/43] btrfs: add fscrypt_info and encryption_type to ordered_extent Daniel Vacek
2026-02-08 15:18 ` Chris Mason
2026-02-18 15:29 ` Daniel Vacek
2026-02-18 15:50 ` Chris Mason
2026-02-18 16:11 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 21/43] btrfs: plumb through setting the fscrypt_info for ordered extents Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 22/43] btrfs: populate the ordered_extent with the fscrypt context Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 23/43] btrfs: keep track of fscrypt info and orig_start for dio reads Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 24/43] btrfs: add extent encryption context tree item type Daniel Vacek
2026-02-08 15:16 ` Chris Mason
2026-02-18 17:25 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 25/43] btrfs: pass through fscrypt_extent_info to the file extent helpers Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 26/43] btrfs: implement the fscrypt extent encryption hooks Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 27/43] btrfs: setup fscrypt_extent_info for new extents Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 28/43] btrfs: populate ordered_extent with the orig offset Daniel Vacek
2026-02-08 15:12 ` Chris Mason
2026-03-03 13:42 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 29/43] btrfs: set the bio fscrypt context when applicable Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 30/43] btrfs: add a bio argument to btrfs_csum_one_bio Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 31/43] btrfs: limit encrypted writes to 256 segments Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 32/43] btrfs: implement process_bio cb for fscrypt Daniel Vacek
2026-02-08 15:10 ` Chris Mason
2026-03-24 9:36 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 33/43] btrfs: implement read repair for encryption Daniel Vacek
2026-02-08 15:08 ` Chris Mason
2026-03-25 14:17 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 34/43] btrfs: add test_dummy_encryption support Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 35/43] btrfs: make btrfs_ref_to_path handle encrypted filenames Daniel Vacek
2026-02-08 15:02 ` Chris Mason
2026-03-25 15:27 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 36/43] btrfs: deal with encrypted symlinks in send Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 37/43] btrfs: decrypt file names for send Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 38/43] btrfs: load the inode context before sending writes Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 39/43] btrfs: set the appropriate free space settings in reconfigure Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 40/43] btrfs: support encryption with log replay Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 41/43] btrfs: disable auto defrag on encrypted files Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 42/43] btrfs: disable encryption on RAID5/6 Daniel Vacek
2026-02-08 13:14 ` Chris Mason
2026-02-06 18:23 ` [PATCH v6 43/43] btrfs: disable send if we have encryption enabled Daniel Vacek
2026-02-06 18:42 ` [PATCH v6 00/43] btrfs: add fscrypt support Daniel Vacek
2026-02-21 20:56 ` Eric Biggers
2026-02-27 15:50 ` Daniel Vacek
2026-02-27 22:26 ` Neal Gompa
2026-02-28 7:57 ` Daniel Vacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPjX3FdXC5LX6UBmsCf6cdGquwsPrh3gp3OKj0NEerXkbFSd5w@mail.gmail.com \
--to=neelx@suse.com \
--cc=axboe@kernel.dk \
--cc=clm@fb.com \
--cc=clm@meta.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=osandov@osandov.com \
--cc=sweettea-kernel@dorminy.me \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox